Grafana says hackers compromised business contact information and downloaded its codebase as a result of the TanStack supply ...

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

A poisoned open-source dependency let attackers breach two OpenAI employee devices and steal credentials from a limited set of its internal source code repositories, OpenAI confirmed in a May 14, 2026 ...

OpenAI confirmed that two employee devices were compromised, but found no evidence that user data, production systems, or ...

OpenAI says no user data was accessed in the TanStack npm compromise: two corporate laptops, some credentials, and a forced macOS update.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

A May 11 supply chain attack affected over 170 npm and PyPI packages, including 404 malicious versions of Mistral AI, TanStack, UiPath, OpenSearch, and Guardrails AI. It’s the first documented case of ...

Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain attack affecting developer ecosystems, including packages tied to UiPath, ...

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...